WordPress Plugin Vulnerabilities

MailCWP 1.100 - Unauthenticated Arbitrary File Upload

Description

The code in mailcwp-upload.php doesn't check that a user is authenticated or what type of file is being uploaded any user can upload a shell to the target WordPress server:

Exploitation requires the attacker to guess a writeable location in the http server root.

Affects Plugins

Plugin icon
mailcwp
Fixed in 1.110

References

CVE
CVE-2015-1000000
URL
https://packetstormsecurity.com/files/#132739/
URL
http://www.vapidlabs.com/advisory.php?v=175

Miscellaneous

Submitter
Larry W. Cashdollar
Submitter twitter
_larry0
Verified
No
WPVDB ID
2e0e92fb-be2e-4dc3-8a40-82d648e6cdd5

Timeline

Publicly Published
2015-07-10 (about 10 years ago)
Added
2015-07-11 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-07-26
Title
Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
Published
2022-09-07
Title
Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload
Published
2025-04-08
Title
Insert or Embed Articulate Content into WordPress < 4.3000000026 - Editor+ Arbitrary File Upload
Published
2024-01-18
Title
AI Engine < 2.1.5 - Editor+ Arbitrary File Upload via add_image_from_url
Published
2025-04-25
Title
Crossword Compiler Puzzles < 5.3 - Subscriber+ Arbitrary File Upload